We write a lot of code, and after just 6 months we spend a lot of time studying, understanding and refining it again and again. Code is alive, and no documentation can be as exhaustive as the code itself. So we start using a bunch of tools to manually inspect the code and fully understand what happens to instances of a given type, which parts of the code really need certain dependencies, or which APIs are used in a part of the codebase. This job is even tougher when the codebase comes from a third party that is extending our app.
The .NET Compiler Platform (Roslyn) gives us the opportunity to write tools that understand the sources from a business-rule perspective and extract the information required to identify usage patterns and enforce security prescriptions.
The idea is to raise the bar of classic code analysis by writing custom tools and Visual Studio analyzers that target the specifics of the application being developed.
Raffaele Rialdi is a senior Software Architect working as a consultant, speaker and trainer. Since 2003 he has been a Microsoft MVP in the Developer Security category. His passion for the community led him to become a member of the board of UGIdotNET, president of DotNetLiguria and co-founder of the Italian C++ user group. He is currently working as an architect and developer on the backend of an enterprise project with a specific focus on code generation, and on cross-platform mobile and IoT development in both C# and C++.